From 57e1bf9fbaa01665704c57ff24856dfe0356826b Mon Sep 17 00:00:00 2001 From: David Garske Date: Wed, 27 Nov 2024 13:26:45 -0800 Subject: [PATCH] Fixes for building with SP RSA small and RSA Public only. ZD 18996 --- configure.ac | 8 +++--- wolfcrypt/src/sp_int.c | 49 ++------------------------------- wolfcrypt/test/test.c | 11 ++++---- wolfssl/wolfcrypt/settings.h | 52 ++++++++++++++++++++++++++++++++++++ 4 files changed, 65 insertions(+), 55 deletions(-) diff --git a/configure.ac b/configure.ac index ff9b61de20..218b1659b2 100644 --- a/configure.ac +++ b/configure.ac @@ -8261,10 +8261,12 @@ if test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes"; then case $host_cpu in *x86_64* | *aarch64* | *amd64*) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE" - ;; + if test "$ENABLED_SP_SMALL" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SP_LARGE_CODE" + fi + ;; *) - ;; + ;; esac fi if test "$ENABLED_ECC" != "no" && test "$ENABLED_SP_ECC" = "yes"; then diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 59d2694ffc..529e540dde 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5087,52 +5087,6 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct); static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #endif -/* Determine when mp_add_d is required. */ -#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_ADD_D -#endif -/* Determine when mp_sub_d is required. */ -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) -#define WOLFSSL_SP_SUB_D -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ - !defined(NO_DSA) || defined(OPENSSL_EXTRA) -#define WOLFSSL_SP_READ_RADIX_16 -#endif -/* Determine when mp_read_radix with a radix of 10 is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY) -#define WOLFSSL_SP_READ_RADIX_10 -#endif -/* Determine when mp_invmod is required. */ -#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) -#define WOLFSSL_SP_INVMOD -#endif -/* Determine when mp_invmod_mont_ct is required. */ -#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -#define WOLFSSL_SP_INVMOD_MONT_CT -#endif - -/* Determine when mp_prime_gen is required. */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) -#define WOLFSSL_SP_PRIME_GEN -#endif - -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) -/* Determine when mp_mul_d is required */ -#define WOLFSSL_SP_MUL_D -#endif /* Set the multi-precision number to zero. * @@ -14058,7 +14012,8 @@ int sp_exptmod_ex(const sp_int* b, const sp_int* e, int digits, const sp_int* m, if ((!done) && (err == MP_OKAY)) { /* Use code optimized for specific sizes if possible */ #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ - (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) + ((defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(WOLFSSL_HAVE_SP_DH)) #ifndef WOLFSSL_SP_NO_2048 if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) && (eBits <= 1024)) { diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index cfc618afa3..a00aa1bf99 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13753,11 +13753,12 @@ static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* pla ERROR_OUT(WC_TEST_RET_ENC_NC, out); #endif /* HAVE_AES_DECRYPT */ } +out: +#endif /* WOLFSSL_AES_256 */ + (void)enc; (void)dec; + (void)cipher; (void)plain; -#endif /* WOLFSSL_AES_256 */ - -out: return ret; } #endif /* WOLFSSL_AES_DIRECT */ @@ -54765,7 +54766,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) mp_digit rho; int size; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) +#ifdef WOLFSSL_SP_PRIME_GEN int result; #endif #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \ @@ -55463,7 +55464,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return WC_TEST_RET_ENC_EC(ret); #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) +#ifdef WOLFSSL_SP_PRIME_GEN ret = mp_prime_is_prime(NULL, 1, NULL); if (ret != WC_NO_ERR_TRACE(MP_VAL)) return WC_TEST_RET_ENC_EC(ret); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1a7cf1b8b5..e19dde0fce 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2835,6 +2835,58 @@ extern void uITRON4_free(void *p) ; #endif /*----------------------------------------------------------------------------*/ +/* SP Math specific options */ +/* Determine when mp_add_d is required. */ +#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_ADD_D +#endif + +/* Determine when mp_sub_d is required. */ +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) + #define WOLFSSL_SP_SUB_D +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || \ + !defined(NO_DSA) || defined(OPENSSL_EXTRA) + #define WOLFSSL_SP_READ_RADIX_16 +#endif + +/* Determine when mp_read_radix with a radix of 10 is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + #define WOLFSSL_SP_READ_RADIX_10 +#endif + +/* Determine when mp_invmod is required. */ +#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + #define WOLFSSL_SP_INVMOD +#endif + +/* Determine when mp_invmod_mont_ct is required. */ +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) + #define WOLFSSL_SP_INVMOD_MONT_CT +#endif + +/* Determine when mp_prime_gen is required. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) + #define WOLFSSL_SP_PRIME_GEN +#endif + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) + /* Determine when mp_mul_d is required */ + #define WOLFSSL_SP_MUL_D +#endif /* user can specify what curves they want with ECC_USER_CURVES otherwise